DS Certificates - dogtagpki/freeipa GitHub Wiki

In an IPA environment, the DS certificates are stored in an NSS database at /etc/dirsrv/slapd-<REALM>, and the NSS database password is stored at /etc/dirsrv/slapd-<REALM>/pwdfile.txt.

To display the DS certificates:

$ pki -d /etc/dirsrv/slapd-EXAMPLE-COM nss-cert-find
  Nickname: EXAMPLE.COM IPA CA
  Serial Number: 0x1
  Subject DN: CN=Certificate Authority,O=EXAMPLE.COM
  Issuer DN: CN=Certificate Authority,O=EXAMPLE.COM
  Not Valid Before: Mon Jun 13 20:04:33 UTC 2022
  Not Valid After: Fri Jun 13 20:04:33 UTC 2042
  Trust Flags: CT,C,C

  Nickname: Server-Cert
  Serial Number: 0x8
  Subject DN: CN=ipa.example.com,O=EXAMPLE.COM
  Issuer DN: CN=Certificate Authority,O=EXAMPLE.COM
  Not Valid Before: Mon Jun 13 20:06:24 UTC 2022
  Not Valid After: Thu Jun 13 20:06:24 UTC 2024
  Trust Flags: u,u,u
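
The listing above can be checked for upcoming expiry automatically. The following is an added example, not part of the original wiki page or the PKI project's code: it parses output in the format shown and reports certificates whose Not Valid After date has passed or falls within a warning window. The function names, the 30-day threshold, and the assumption that dates are always printed in UTC in the layout shown are illustrative.

```python
from datetime import datetime, timezone

# Constructed sample: the listing shown above, trimmed to the fields used here.
SAMPLE = """\
  Nickname: EXAMPLE.COM IPA CA
  Serial Number: 0x1
  Not Valid After: Fri Jun 13 20:04:33 UTC 2042
  Trust Flags: CT,C,C

  Nickname: Server-Cert
  Serial Number: 0x8
  Not Valid After: Thu Jun 13 20:06:24 UTC 2024
  Trust Flags: u,u,u
"""
DATE_FMT = "%a %b %d %H:%M:%S UTC %Y"  # date layout as shown in the listing

def parse_certs(text):
    """Return one dict per certificate; a blank line separates entries."""
    certs, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            current[key] = value
        elif not line.strip() and current:
            certs.append(current)
            current = {}
    if current:
        certs.append(current)
    return certs

def expiring(certs, now, warn_days=30):
    """Return (nickname, days_left) for certs expired or ending within warn_days."""
    flagged = []
    for cert in certs:
        end = datetime.strptime(cert["Not Valid After"], DATE_FMT)
        days = (end.replace(tzinfo=timezone.utc) - now).days
        if days <= warn_days:
            flagged.append((cert["Nickname"], days))
    return flagged

if __name__ == "__main__":
    import sys
    # Pipe real output in, or run without redirected stdin to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for nickname, days in expiring(parse_certs(text), datetime.now(timezone.utc)):
        print(f"WARNING {nickname}: {days} day(s) until Not Valid After")
```

A negative day count means the certificate has already expired.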